MS bugged, CA vulnerable
Microsoft's Outlook and Internet Explorer have been hit by security holes.
The company said it was investigating a report by security firm eEye of a new
set of potentially serious flaws in the e-mail application and Web browser.
The two holes could let an attacker take control of a system with minimal action
from the user, eEye said in two security alerts posted on its advisories page.
The company ranks the flaws as 'high' risk.
One of the vulnerabilities could let an attacker compromise a user's machine
after the user clicks on a Web link. The flaws exist in the default installations
of the applications on most current versions of Windows, according to eEye.
The company has informed Microsoft and will not provide further details until
Microsoft has provided a patch or security alert, it said on its Website.
In another report, eEye outlines multiple vulnerabilities in the Computer Associates
Licence Management software that is installed by default with almost all of
CA's products. The licensing software allows remote management and tracking
of software licences.
eEye has discovered multiple stack-based vulnerabilities within the licensing
component that processes incoming network requests. The licensing protocol is
text-based, and all of the vulnerabilities arise from incorrect handling of
the incoming text strings. Successful exploitation of these vulnerabilities
will allow a remote attacker to reliably execute code within the SYSTEM context.
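
The bug class described above, seen from the defensive side: an added example, not code from eEye or CA, of parsing a text request into fixed-size stack fields with every length checked before the copy. The "VERB ARG" line format, the field sizes and all names are assumptions for illustration; the report does not describe the real protocol.

```c
#include <stddef.h>
#include <string.h>

#define VERB_MAX 16   /* assumed field limits, not taken from the report */
#define ARG_MAX  64

struct request {
    char verb[VERB_MAX];
    char arg[ARG_MAX];
};

/* Copy one space-delimited token from [*p, end) into dst (capacity cap).
 * Returns 0 on success, -1 if the token is empty or would not fit. */
static int copy_token(const char **p, const char *end, char *dst, size_t cap)
{
    const char *start = *p;
    const char *q = start;
    while (q < end && *q != ' ')
        q++;
    size_t n = (size_t)(q - start);
    if (n == 0 || n >= cap)       /* reject: never truncate, never overflow */
        return -1;
    memcpy(dst, start, n);
    dst[n] = '\0';
    *p = (q < end) ? q + 1 : q;   /* step over the single separator */
    return 0;
}

/* Parse "VERB ARG" from a received buffer of len bytes.
 * The buffer comes off the network and need not be NUL-terminated. */
int parse_request(const char *buf, size_t len, struct request *out)
{
    const char *p = buf, *end = buf + len;
    while (end > p && (end[-1] == '\n' || end[-1] == '\r'))
        end--;                    /* strip the line terminator */
    for (const char *c = p; c < end; c++)
        if ((unsigned char)*c < 0x20 || (unsigned char)*c > 0x7e)
            return -1;            /* embedded NUL or control byte */
    memset(out, 0, sizeof *out);
    if (copy_token(&p, end, out->verb, sizeof out->verb) != 0)
        return -1;
    if (copy_token(&p, end, out->arg, sizeof out->arg) != 0)
        return -1;
    return (p == end) ? 0 : -1;   /* unexpected trailing data is an error */
}
```

The parser works from the received byte count rather than searching for a terminator, and an oversized field fails the whole request instead of being copied.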